Html
CVE-2012-6142
HIGH
Severity by source
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
AnalysisAI
Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. Affected products include: Jochen Wiedmann Html\.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the <template> element w
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can
Heap information disclosure in HTML::Entities for Perl (versions before 3.84) allows remote attackers to leak adjacent h
Html contains a vulnerability that allows attackers to denial of service (DoS) if an attacker provides specially crafted
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today